Chrome random popups / Google Membership Rewards


  • This topic is locked
7 replies to this topic

#1 Morre

Posted 29 July 2017 - 07:02 AM

Hi,

 

I've been getting popup tabs in Chrome, happening both seemingly completely at random (though possibly coincidental with mouse or key presses), and sometimes as redirects for currently open tabs. Though they have redirected to several different sites, the most common one is the "Google Membership Rewards" website. I've attempted to follow the instructions posted on BleepingComputer for removing this malware (including running a whole suite of different malware removal programs - MalwareBytes, Zemana Anti-Malware, AdwCleaner, HitmanPro), as well as reset my browser to its default settings. None of this seems to have made a difference. Only one of the programs (I think it was AdwCleaner) found anything at all, and removed it. It was a PUP.Optional.[x], but I cannot remember the name of x. Sorry about that!

 

Any help in resolving this would be greatly, greatly appreciated. Thanks in advance!

 

Here's a log file from HijackThis:

 

---

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:29:25, on 2017-07-29
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.15063.0000)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\ProgramData\Battle.net\Agent\Agent.5725\Agent.exe
C:\Program Files (x86)\Battle.net\Battle.net.9093\Battle.net.exe
C:\Users\[MyUserName]\AppData\Local\Discord\app-0.0.297\Discord.exe
C:\Program Files (x86)\Battle.net\Battle.net.9093\Battle.net Helper.exe
C:\Users\[MyUserName]\AppData\Local\Discord\app-0.0.297\Discord.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\[MyUserName]\AppData\Local\Discord\app-0.0.297\Discord.exe
C:\Users\[MyUserName]\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Battle.net\Battle.net.9093\Battle.net Helper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe
C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
C:\Users\[MyUserName]\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Users\[MyUserName]\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
C:\Users\[MyUserName]\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
C:\Users\[MyUserName]\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Bitvise SSH Server Activation State Checker] "C:\Program Files\Bitvise SSH Server\BssActStateCheck.exe"
O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [PlaysTV] "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
O4 - HKLM\..\Run: [Kraken71ChromaHelper] C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe /start
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Battle.net] "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe" --autostarted
O4 - HKCU\..\Run: [GalaxyClient] C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
O4 - HKCU\..\Run: [Discord] C:\Users\[MyUserName]\AppData\Local\Discord\app-0.0.297\Discord.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Spotify Web Helper] C:\Users\[MyUserName]\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
O4 - Global Startup: SteelSeries Engine 3.lnk = C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{f21feb9e-4679-4e60-ba89-35215b77cb04}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
O23 - Service: AsusFanControlService - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.19\AsusFanControlService.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bitvise SSH Server (BvSshServer) - Bitvise Limited - C:\Program Files\Bitvise SSH Server\BvSshServer.exe
O23 - Service: CrashPlan Backup Service (CrashPlanService) - Code 42 Software - C:\Program Files\CrashPlan\CrashPlanService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: DTSAudioSvc - DTS, Inc - C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GalaxyClientService - GOG.com - C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe
O23 - Service: GalaxyCommunication - GOG.com - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Tjänsten Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Plays.tv Update Service (PlaysService) (PlaysService) - Copyright © 2016 Plays.tv, LLC - C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
O23 - Service: ProductAgentService - Bitdefender - C:\Program Files\Bitdefender Agent\ProductAgentService.exe
O23 - Service: Razer Chroma SDK Service - Razer Inc. - C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: RzSurroundVADStreamingService - Unknown owner - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
 
--
End of file - 13495 bytes
 

 

 


#2 nasdaq

  • Malware Response Team

Posted 30 July 2017 - 07:55 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

HijackThis is no longer supported and not ready for your operating system.
I suggest you remove it via the Control Panel > Programs > Programs and Features.
Use the Farbar Recovery Scan Tool from now on to report problems.
<<<>>>

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs.

Let me know what problems persist.
==============================

#3 Morre


Posted 30 July 2017 - 12:51 PM

Hi again,

 

Okay, thank you very much. Here are the two logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-07-2017
Ran by [MyUserName] (administrator) on [MyComputerName] (29-07-2017 13:49:11)
Running from C:\Users\[MyUserName]\Downloads
Loaded Profiles: [MyUserName] & BvSsh_VirtualUsers (Available Profiles: [MyUserName] & BvSsh_VirtualUsers)
Platform: Windows 10 Home Version 1703 (X64) Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.19\AsusFanControlService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Razer Inc) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
() C:\Program Files\Bitvise SSH Server\BssCtrl.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5725\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.9093\Battle.net.exe
(Hammer & Chisel, Inc.) C:\Users\[MyUserName]\AppData\Local\Discord\app-0.0.297\Discord.exe
() C:\Program Files (x86)\Battle.net\Battle.net.9093\Battle.net Helper.exe
(Hammer & Chisel, Inc.) C:\Users\[MyUserName]\AppData\Local\Discord\app-0.0.297\Discord.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hammer & Chisel, Inc.) C:\Users\[MyUserName]\AppData\Local\Discord\app-0.0.297\Discord.exe
(Spotify Ltd) C:\Users\[MyUserName]\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\Program Files (x86)\Battle.net\Battle.net.9093\Battle.net Helper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) C:\Program Files (x86)\GalaxyClient\GOG Galaxy Notifications Renderer.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\[MyUserName]\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Microsoft Corporation) C:\Users\[MyUserName]\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Users\[MyUserName]\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
(hxxp://tortoisegit.org/) C:\Program Files\TortoiseGit\bin\TGitCache.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\Sublime Text 3\sublime_text.exe
() C:\Program Files\Sublime Text 3\plugin_host.exe
(Node.js) C:\Program Files\nodejs\node.exe
(hxxp://tortoisegit.org/) C:\Program Files\TortoiseGit\bin\TortoiseGitProc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) C:\Users\[MyUserName]\Downloads\HijackThis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8841472 2016-06-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2016-06-17] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [CrashPlanTray] => C:\Program Files\CrashPlan\CrashPlanTray.exe [462808 2017-06-08] (Code 42 Software, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-11-04] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Bitvise SSH Server Activation State Checker] => C:\Program Files\Bitvise SSH Server\BssActStateCheck.exe [241272 2014-08-31] (Bitvise Limited)
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51984 2016-12-23] (Copyright © 2016 Plays.tv, LLC)
HKLM-x32\...\Run: [Kraken71ChromaHelper] => C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe [1600320 2015-08-13] (Razer Inc)
HKU\S-1-5-21-4125502653-810523961-2608536839-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3068192 2017-07-28] (Valve Corporation)
HKU\S-1-5-21-4125502653-810523961-2608536839-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [3229160 2017-03-24] (Blizzard Entertainment)
HKU\S-1-5-21-4125502653-810523961-2608536839-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [5087296 2017-07-28] (GOG.com)
HKU\S-1-5-21-4125502653-810523961-2608536839-1001\...\Run: [Discord] => C:\Users\[MyUserName]\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-4125502653-810523961-2608536839-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
HKU\S-1-5-21-4125502653-810523961-2608536839-1001\...\Run: [Spotify Web Helper] => C:\Users\[MyUserName]\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1579120 2017-07-24] (Spotify Ltd)
HKU\S-1-5-21-4125502653-810523961-2608536839-1002\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
Lsa: [Authentication Packages] BvLsa msv1_0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2015-10-23]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 83.255.255.1 83.255.255.2
Tcpip\..\Interfaces\{97714974-3eaa-4fc6-9bfc-1cc9d898f627}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{f21feb9e-4679-4e60-ba89-35215b77cb04}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{f21feb9e-4679-4e60-ba89-35215b77cb04}: [DhcpNameServer] 83.255.255.1 83.255.255.2
 
Internet Explorer:
==================
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-26] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-06-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-06-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-4125502653-810523961-2608536839-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\[MyUserName]\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-17] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://www.irccloud.com/#!/irc.efnet.org:6667/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default [2017-07-29]
CHR Extension: (Google Presentationer) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Dokument) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Cast) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-25]
CHR Extension: (Google Search) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Session Buddy) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2017-07-04]
CHR Extension: (Google Kalkylark) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Stop Autoplay for Youtube™) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\figkapeodjhdgnpiamleongcmecfjccb [2017-07-27]
CHR Extension: (Google Dokument Offline) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-15]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2016-04-22] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2016-04-22] () [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.19\AsusFanControlService.exe [396088 2016-04-22] (ASUSTeK Computer Inc.)
S3 BvSshServer; C:\Program Files\Bitvise SSH Server\BvSshServer.exe [13097120 2014-08-31] (Bitvise Limited)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [267736 2017-06-08] (Code 42 Software)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249328 2016-06-17] (DTS, Inc)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [487488 2017-07-28] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8163392 2017-07-15] (GOG.com)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-06-27] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-09-09] (Electronic Arts)
S3 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55056 2016-12-23] (Copyright © 2016 Plays.tv, LLC)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1254736 2017-04-11] (Bitdefender)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69744 2016-10-18] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4261344 2016-11-04] (Razer Inc)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2016-04-22] ()
S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [591360 2014-08-27] (C-MEDIA)
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2016-04-22] (ASUSTeK Computer Inc.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R1 MpKsl53910a25; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C618CF6A-78DB-4347-8B1E-4FD809E66876}\MpKsl53910a25.sys [44928 2017-07-28] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2386fda73b467ac8\nvlddmkm.sys [15625336 2017-06-28] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-06-28] (NVIDIA Corporation)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51736 2016-06-23] (Razer Inc)
S3 RZMAELSTROMVADService; C:\WINDOWS\system32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\WINDOWS\system32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows ® Win 7 DDK provider)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [32792 2015-09-29] (SteelSeries ApS)
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [52952 2016-08-29] (SteelSeries ApS)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-07-28] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-28] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-29 13:49 - 2017-07-29 13:49 - 00028570 _____ C:\Users\[MyUserName]\Downloads\FRST.txt
2017-07-29 13:49 - 2017-07-29 13:49 - 00000000 ____D C:\FRST
2017-07-29 13:47 - 2017-07-29 13:47 - 02381312 _____ (Farbar) C:\Users\[MyUserName]\Downloads\FRST64.exe
2017-07-29 13:25 - 2017-07-29 13:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\[MyUserName]\Downloads\HijackThis.exe
2017-07-28 15:28 - 2017-07-28 15:28 - 08162248 _____ (Malwarebytes) C:\Users\[MyUserName]\Downloads\AdwCleaner (1).exe
2017-07-28 15:28 - 2017-07-28 15:28 - 00008815 _____ C:\Users\[MyUserName]\Downloads\session_buddy_export_2017_07_28_15_28_18.txt
2017-07-28 15:23 - 2017-07-28 15:27 - 00000000 ____D C:\ProgramData\HitmanPro
2017-07-28 15:20 - 2017-07-28 15:20 - 00000360 _____ C:\Users\[MyUserName]\Desktop\remove_me_blergh.txt
2017-07-28 15:14 - 2017-07-28 15:20 - 00000000 ____D C:\AdwCleaner
2017-07-28 15:08 - 2017-07-29 13:49 - 00293260 _____ C:\WINDOWS\ZAM.krnl.trace
2017-07-28 15:08 - 2017-07-29 13:49 - 00272974 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-07-28 15:08 - 2017-07-28 15:08 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-07-28 15:08 - 2017-07-28 15:08 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-07-28 15:08 - 2017-07-28 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-07-28 15:08 - 2017-07-28 15:08 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-07-28 14:55 - 2017-07-28 15:23 - 11584088 _____ (SurfRight B.V.) C:\Users\[MyUserName]\Downloads\HitmanPro_x64.exe
2017-07-28 14:54 - 2017-07-28 14:54 - 08162248 _____ (Malwarebytes) C:\Users\[MyUserName]\Downloads\AdwCleaner.exe
2017-07-28 14:54 - 2017-07-28 14:54 - 00000000 ____D C:\Users\[MyUserName]\AppData\Local\Zemana
2017-07-28 14:53 - 2017-07-28 14:53 - 06589840 _____ (Zemana Ltd. ) C:\Users\[MyUserName]\Downloads\Zemana.AntiMalware.Setup.exe
2017-07-28 14:52 - 2017-07-28 15:01 - 00003574 _____ C:\Users\[MyUserName]\Desktop\Rkill.txt
2017-07-28 14:52 - 2017-07-28 14:52 - 00912452 _____ C:\Users\[MyUserName]\Downloads\rkill.zip
2017-07-28 14:46 - 2017-07-28 14:46 - 141868824 _____ (Microsoft Corporation) C:\Users\[MyUserName]\Downloads\msert.exe
2017-07-28 13:50 - 2017-07-28 14:17 - 00000000 ____D C:\Users\[MyUserName]\AppData\Roaming\Electron
2017-07-28 12:50 - 2017-07-28 21:14 - 00000000 ____D C:\Users\[MyUserName]\AppData\Roaming\space-app
2017-07-28 12:48 - 2017-07-28 12:49 - 00000000 ____D C:\Users\[MyUserName]\.electron
2017-07-26 11:23 - 2017-07-26 11:23 - 00168617 _____ C:\Users\[MyUserName]\Downloads\WS02_HAFStationManifest.pdf
2017-07-26 11:23 - 2017-07-26 11:23 - 00057989 _____ C:\Users\[MyUserName]\Downloads\WS02_MGTIntroduction (2).pdf
2017-07-25 18:43 - 2017-07-28 15:19 - 00002820 _____ C:\Users\[MyUserName]\Documents\mtgPlanechaseDeckCardsToOrder.txt
2017-07-25 12:52 - 2017-07-25 16:39 - 00001887 _____ C:\Users\[MyUserName]\Documents\mtgPlanechaseDeck.txt
2017-07-24 15:05 - 2017-07-24 15:05 - 00057963 _____ C:\Users\[MyUserName]\Downloads\WS02_MGTIntroduction (1).pdf
2017-07-23 17:26 - 2017-07-23 17:26 - 00057966 _____ C:\Users\[MyUserName]\Downloads\WS02_MGTIntroduction.pdf
2017-07-23 17:20 - 2017-07-23 17:20 - 00056708 _____ C:\Users\[MyUserName]\Downloads\Introductionwelcome letter.pdf
2017-07-23 17:17 - 2017-07-23 17:17 - 00056372 _____ C:\Users\[MyUserName]\Downloads\WS02_Introduction.pdf
2017-07-23 01:00 - 2017-07-23 01:00 - 00171543 _____ C:\Users\[MyUserName]\Downloads\HAF Crew manifest (4).pdf
2017-07-23 00:58 - 2017-07-23 00:58 - 00171587 _____ C:\Users\[MyUserName]\Downloads\HAF Crew manifest (3).pdf
2017-07-23 00:35 - 2017-07-23 00:35 - 00078906 _____ C:\Users\[MyUserName]\Downloads\HAF Crew manifest (2).pdf
2017-07-23 00:33 - 2017-07-23 00:33 - 00078944 _____ C:\Users\[MyUserName]\Downloads\HAF Crew manifest (1).pdf
2017-07-23 00:18 - 2017-07-23 00:18 - 00070846 _____ C:\Users\[MyUserName]\Downloads\HAF Crew manifest.pdf
2017-07-22 23:08 - 2017-07-22 23:08 - 00000000 ____D C:\WINDOWS\Panther
2017-07-21 20:00 - 2017-07-21 20:00 - 00000000 ____D C:\Users\[MyUserName]\AppData\LocalLow\Temp
2017-07-17 19:32 - 2017-07-17 19:40 - 00000832 _____ C:\Users\[MyUserName]\Desktop\cleaningTodo.txt
2017-07-15 19:24 - 2017-07-15 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
2017-07-15 19:09 - 2017-07-15 19:09 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-07-15 19:09 - 2017-06-27 22:27 - 00135616 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-07-15 19:09 - 2017-03-10 23:17 - 00536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-07-15 19:09 - 2017-03-10 23:17 - 00525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-07-15 19:09 - 2017-03-10 23:17 - 00254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-07-15 19:09 - 2017-03-10 23:17 - 00233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-07-15 19:06 - 2017-06-28 00:39 - 40239736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 35838912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 35314296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 28953536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 13559376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 12337296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 12132272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 11501776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 10381664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 09982456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 04163008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 03595384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 01988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438476.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 01597888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438476.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 01278528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 01276992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 01067128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 01004664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 00996760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 00995224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 00972736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 00924096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 00781728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 00725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 00689808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 00618744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 00617416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 00584128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 00578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 00499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 00045976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-07-15 19:06 - 2017-06-28 00:39 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-07-15 19:06 - 2017-06-28 00:39 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-07-13 12:16 - 2017-07-13 12:20 - 00000000 ____D C:\Users\[MyUserName]\Documents\Rory försäkringsärende
2017-07-13 11:54 - 2017-07-13 11:54 - 00545163 _____ C:\Users\[MyUserName]\Downloads\KD173486-7714-01.pdf
2017-07-12 18:05 - 2017-07-12 18:05 - 02268494 _____ C:\Users\[MyUserName]\Downloads\SourceQuestions.pdf
2017-07-12 11:34 - 2017-07-07 09:13 - 00554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-12 11:34 - 2017-07-07 09:13 - 00336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-12 11:34 - 2017-07-07 08:57 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-12 11:34 - 2017-07-07 08:57 - 00125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-12 11:34 - 2017-07-07 08:39 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-12 11:34 - 2017-07-07 08:39 - 00096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-12 11:34 - 2017-07-07 08:37 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-12 11:34 - 2017-07-07 08:31 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-12 11:34 - 2017-07-07 08:31 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-12 11:34 - 2017-07-07 08:31 - 00129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-12 11:34 - 2017-07-07 08:30 - 02165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-12 11:34 - 2017-07-07 08:30 - 00949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-12 11:34 - 2017-07-07 08:30 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-12 11:34 - 2017-07-07 08:29 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-12 11:34 - 2017-07-07 08:29 - 00123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-12 11:34 - 2017-07-07 08:27 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-12 11:34 - 2017-07-07 08:26 - 20373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-12 11:34 - 2017-07-07 08:26 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-12 11:34 - 2017-07-07 08:26 - 01195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-12 11:34 - 2017-07-07 08:26 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-12 11:34 - 2017-07-07 08:25 - 00035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-12 11:34 - 2017-07-07 08:23 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-12 11:34 - 2017-07-07 08:14 - 02956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-12 11:34 - 2017-07-07 08:14 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-12 11:34 - 2017-07-07 08:14 - 00790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-12 11:34 - 2017-07-07 08:13 - 13839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-12 11:34 - 2017-07-07 08:12 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-12 11:34 - 2017-07-07 08:10 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-12 11:34 - 2017-07-07 08:10 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-12 11:34 - 2017-07-07 08:09 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-12 11:34 - 2017-07-07 08:07 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-12 11:34 - 2017-07-07 08:06 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-12 11:34 - 2017-07-07 08:05 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-12 11:34 - 2017-07-07 08:05 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-12 11:34 - 2017-07-07 08:05 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-12 11:34 - 2017-07-07 08:05 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-12 11:34 - 2017-07-07 08:04 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-12 11:34 - 2017-07-07 08:04 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-12 11:34 - 2017-07-07 08:04 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-12 11:34 - 2017-07-07 08:04 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-12 11:34 - 2017-07-07 08:04 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-12 11:34 - 2017-07-07 08:03 - 06123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-12 11:34 - 2017-07-07 08:03 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-12 11:34 - 2017-07-07 08:03 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-12 11:34 - 2017-07-07 08:02 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-12 11:34 - 2017-07-07 08:01 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-12 11:34 - 2017-07-07 08:00 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-12 11:34 - 2017-07-07 08:00 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-12 11:34 - 2017-07-07 08:00 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-12 11:34 - 2017-07-07 08:00 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-12 11:34 - 2017-07-07 08:00 - 01565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-12 11:34 - 2017-07-07 08:00 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-12 11:34 - 2017-07-07 07:59 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-12 11:34 - 2017-07-07 07:59 - 01494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-12 11:34 - 2017-07-07 07:59 - 01355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-12 11:34 - 2017-07-07 07:59 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-12 11:34 - 2017-07-07 07:58 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-12 11:34 - 2017-07-07 07:58 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-12 11:34 - 2017-07-07 07:58 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-12 11:34 - 2017-07-07 07:58 - 01237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-12 11:34 - 2017-07-07 07:55 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-12 11:34 - 2017-07-07 07:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-12 11:34 - 2017-07-07 07:53 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-12 11:34 - 2017-07-07 07:53 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-12 11:34 - 2017-06-20 08:06 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-12 11:34 - 2017-06-20 08:02 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-12 11:34 - 2017-06-20 07:57 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-12 11:34 - 2017-06-20 07:34 - 00192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-12 11:34 - 2017-06-20 07:15 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-12 11:34 - 2017-06-20 07:13 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-12 11:34 - 2017-06-20 07:12 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-12 11:34 - 2017-06-20 07:09 - 00406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-12 11:34 - 2017-06-20 07:08 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-12 11:34 - 2017-06-20 07:07 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-12 11:34 - 2017-06-20 07:07 - 00346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-12 11:34 - 2017-06-20 07:07 - 00138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-12 11:34 - 2017-06-20 07:06 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-12 11:34 - 2017-06-20 07:06 - 00278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-12 11:34 - 2017-06-20 07:05 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-12 11:34 - 2017-06-20 07:05 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-12 11:34 - 2017-06-20 07:04 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-12 11:34 - 2017-06-20 07:04 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-12 11:34 - 2017-06-20 07:04 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-12 11:34 - 2017-06-20 07:04 - 00181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-12 11:34 - 2017-06-20 07:04 - 00049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-12 11:34 - 2017-06-20 07:03 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-12 11:34 - 2017-06-20 07:03 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-12 11:34 - 2017-06-20 07:03 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-12 11:34 - 2017-06-20 07:02 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-12 11:34 - 2017-06-20 07:02 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-12 11:34 - 2017-06-20 07:02 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-12 11:34 - 2017-06-20 07:01 - 00176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-12 11:34 - 2017-06-20 07:00 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-12 11:34 - 2017-06-20 06:49 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-12 11:34 - 2017-06-20 06:49 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-12 11:34 - 2017-06-20 06:46 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 11:34 - 2017-06-20 06:45 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-12 11:34 - 2017-06-20 06:43 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-12 11:34 - 2017-06-20 06:43 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-12 11:34 - 2017-06-20 06:43 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-12 11:34 - 2017-06-20 06:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-12 11:34 - 2017-06-20 06:42 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-12 11:34 - 2017-06-20 06:42 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-12 11:34 - 2017-06-20 06:42 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-12 11:34 - 2017-06-20 06:42 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-12 11:34 - 2017-06-20 06:41 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-12 11:34 - 2017-06-20 06:41 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-12 11:34 - 2017-06-20 06:41 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-12 11:34 - 2017-06-20 06:41 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-12 11:34 - 2017-06-20 06:41 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-12 11:34 - 2017-06-20 06:40 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-12 11:34 - 2017-06-20 06:40 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-12 11:34 - 2017-06-20 06:40 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-12 11:34 - 2017-06-20 06:40 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-12 11:34 - 2017-06-20 06:40 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-12 11:34 - 2017-06-20 06:40 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-12 11:34 - 2017-06-20 06:39 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-12 11:34 - 2017-06-20 06:39 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-12 11:34 - 2017-06-20 06:39 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-12 11:34 - 2017-06-20 06:39 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-12 11:34 - 2017-06-20 06:39 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-12 11:34 - 2017-06-20 06:39 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-12 11:34 - 2017-06-20 06:38 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-12 11:34 - 2017-06-20 06:38 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-12 11:34 - 2017-06-20 06:38 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-12 11:34 - 2017-06-20 06:38 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-12 11:34 - 2017-06-20 06:38 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-12 11:34 - 2017-06-20 06:36 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-12 11:34 - 2017-06-20 06:35 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-12 11:34 - 2017-06-20 06:35 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-12 11:34 - 2017-06-20 06:35 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-12 11:34 - 2017-06-20 06:34 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-12 11:34 - 2017-06-20 06:34 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-12 11:34 - 2017-06-20 06:34 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-12 11:34 - 2017-06-20 06:34 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-12 11:34 - 2017-06-20 06:34 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-12 11:34 - 2017-06-20 06:31 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-12 11:34 - 2017-06-20 06:30 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-12 11:34 - 2017-06-20 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-12 11:34 - 2017-06-20 06:30 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-12 11:34 - 2017-06-20 06:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-12 11:33 - 2017-07-07 16:00 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-12 11:33 - 2017-07-07 09:27 - 01147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-12 11:33 - 2017-07-07 09:27 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-12 11:33 - 2017-07-07 09:27 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-12 11:33 - 2017-07-07 09:27 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-12 11:33 - 2017-07-07 09:27 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-12 11:33 - 2017-07-07 09:26 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-12 11:33 - 2017-07-07 09:25 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-12 11:33 - 2017-07-07 09:24 - 00117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-12 11:33 - 2017-07-07 09:23 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-12 11:33 - 2017-07-07 09:22 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-12 11:33 - 2017-07-07 09:22 - 01186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-12 11:33 - 2017-07-07 09:22 - 00119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-12 11:33 - 2017-07-07 09:21 - 32688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-12 11:33 - 2017-07-07 09:21 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-12 11:33 - 2017-07-07 09:20 - 02021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-12 11:33 - 2017-07-07 09:20 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-12 11:33 - 2017-07-07 09:20 - 00519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-12 11:33 - 2017-07-07 09:20 - 00382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-12 11:33 - 2017-07-07 09:17 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-12 11:33 - 2017-07-07 09:15 - 02444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-12 11:33 - 2017-07-07 09:14 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-12 11:33 - 2017-07-07 09:14 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-12 11:33 - 2017-07-07 09:14 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-12 11:33 - 2017-07-07 09:14 - 01171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-12 11:33 - 2017-07-07 09:13 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-12 11:33 - 2017-07-07 09:13 - 00147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-12 11:33 - 2017-07-07 09:12 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-12 11:33 - 2017-07-07 09:12 - 00318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-12 11:33 - 2017-07-07 09:12 - 00228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-12 11:33 - 2017-07-07 09:11 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-12 11:33 - 2017-07-07 09:11 - 00094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-12 11:33 - 2017-07-07 09:10 - 21353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-12 11:33 - 2017-07-07 09:10 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-12 11:33 - 2017-07-07 09:10 - 01337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-12 11:33 - 2017-07-07 09:10 - 01325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-12 11:33 - 2017-07-07 09:10 - 00372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-12 11:33 - 2017-07-07 09:10 - 00254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-12 11:33 - 2017-07-07 09:09 - 00041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-12 11:33 - 2017-07-07 09:07 - 01106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-12 11:33 - 2017-07-07 09:07 - 00058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-12 11:33 - 2017-07-07 08:40 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-12 11:33 - 2017-07-07 08:37 - 31652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-12 11:33 - 2017-07-07 08:37 - 01339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-12 11:33 - 2017-07-07 08:27 - 03670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-12 11:33 - 2017-07-07 08:27 - 01640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-12 11:33 - 2017-07-07 08:27 - 01050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-12 11:33 - 2017-07-07 08:27 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-12 11:33 - 2017-07-07 08:27 - 00577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-12 11:33 - 2017-07-07 08:27 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-12 11:33 - 2017-07-07 08:27 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-12 11:33 - 2017-07-07 08:27 - 00360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-12 11:33 - 2017-07-07 08:26 - 17364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-12 11:33 - 2017-07-07 08:25 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-12 11:33 - 2017-07-07 08:24 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-12 11:33 - 2017-07-07 08:23 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-12 11:33 - 2017-07-07 08:23 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-12 11:33 - 2017-07-07 08:23 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-12 11:33 - 2017-07-07 08:23 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-12 11:33 - 2017-07-07 08:22 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-12 11:33 - 2017-07-07 08:22 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-12 11:33 - 2017-07-07 08:21 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-12 11:33 - 2017-07-07 08:21 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-12 11:33 - 2017-07-07 08:20 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-12 11:33 - 2017-07-07 08:20 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-12 11:33 - 2017-07-07 08:20 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-12 11:33 - 2017-07-07 08:19 - 07149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-12 11:33 - 2017-07-07 08:19 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-12 11:33 - 2017-07-07 08:19 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-12 11:33 - 2017-07-07 08:19 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-12 11:33 - 2017-07-07 08:19 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-12 11:33 - 2017-07-07 08:18 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-12 11:33 - 2017-07-07 08:18 - 00563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-12 11:33 - 2017-07-07 08:18 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-12 11:33 - 2017-07-07 08:18 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-12 11:33 - 2017-07-07 08:18 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-12 11:33 - 2017-07-07 08:17 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-12 11:33 - 2017-07-07 08:17 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-12 11:33 - 2017-07-07 08:17 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-12 11:33 - 2017-07-07 08:17 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-12 11:33 - 2017-07-07 08:17 - 00536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-12 11:33 - 2017-07-07 08:17 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-12 11:33 - 2017-07-07 08:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-12 11:33 - 2017-07-07 08:16 - 12786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-12 11:33 - 2017-07-07 08:16 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-12 11:33 - 2017-07-07 08:16 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-12 11:33 - 2017-07-07 08:15 - 08238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-12 11:33 - 2017-07-07 08:15 - 00922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-12 11:33 - 2017-07-07 08:14 - 08211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-12 11:33 - 2017-07-07 08:14 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-12 11:33 - 2017-07-07 08:14 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-12 11:33 - 2017-07-07 08:14 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-12 11:33 - 2017-07-07 08:14 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-12 11:33 - 2017-07-07 08:13 - 05892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-12 11:33 - 2017-07-07 08:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-12 11:33 - 2017-07-07 08:12 - 04730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-12 11:33 - 2017-07-07 08:12 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-12 11:33 - 2017-07-07 08:12 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-12 11:33 - 2017-07-07 08:12 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-12 11:33 - 2017-07-07 08:12 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-12 11:33 - 2017-07-07 08:12 - 01420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-12 11:33 - 2017-07-07 08:12 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-12 11:33 - 2017-07-07 08:12 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-12 11:33 - 2017-07-07 08:12 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-12 11:33 - 2017-07-07 08:12 - 00706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-12 11:33 - 2017-07-07 08:11 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-12 11:33 - 2017-07-07 08:11 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-12 11:33 - 2017-07-07 08:11 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-12 11:33 - 2017-07-07 08:11 - 02177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-12 11:33 - 2017-07-07 08:11 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-12 11:33 - 2017-07-07 08:11 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-12 11:33 - 2017-07-07 08:11 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-12 11:33 - 2017-07-07 08:11 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-12 11:33 - 2017-07-07 08:10 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-12 11:33 - 2017-07-07 08:10 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-12 11:33 - 2017-07-07 08:10 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-12 11:33 - 2017-07-07 08:09 - 20504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-12 11:33 - 2017-07-07 08:08 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-12 11:33 - 2017-07-07 08:07 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-12 11:33 - 2017-07-07 08:07 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-12 11:33 - 2017-07-07 08:07 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-12 11:33 - 2017-07-07 08:06 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-12 11:33 - 2017-07-07 08:06 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-12 11:33 - 2017-07-07 08:05 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-12 11:33 - 2017-07-07 08:05 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-12 11:33 - 2017-07-07 08:05 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-12 11:33 - 2017-07-07 08:04 - 01703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-12 11:33 - 2017-07-07 08:04 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-12 11:33 - 2017-07-07 08:04 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-12 11:33 - 2017-07-07 08:02 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-12 11:33 - 2017-07-07 08:01 - 06287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-12 11:33 - 2017-07-07 07:59 - 03656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-12 11:33 - 2017-07-02 00:52 - 00031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-12 11:33 - 2017-06-20 08:18 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-12 11:33 - 2017-06-20 08:18 - 00096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-12 11:33 - 2017-06-20 08:17 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-12 11:33 - 2017-06-20 08:17 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-12 11:33 - 2017-06-20 08:17 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-12 11:33 - 2017-06-20 08:17 - 00136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-12 11:33 - 2017-06-20 08:17 - 00034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-12 11:33 - 2017-06-20 08:16 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-12 11:33 - 2017-06-20 08:16 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-12 11:33 - 2017-06-20 08:15 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-12 11:33 - 2017-06-20 08:11 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-12 11:33 - 2017-06-20 08:11 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-12 11:33 - 2017-06-20 08:10 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-12 11:33 - 2017-06-20 08:10 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-12 11:33 - 2017-06-20 08:08 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-12 11:33 - 2017-06-20 08:05 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-12 11:33 - 2017-06-20 08:04 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-12 11:33 - 2017-06-20 08:04 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-12 11:33 - 2017-06-20 08:03 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-12 11:33 - 2017-06-20 08:03 - 00179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-12 11:33 - 2017-06-20 08:03 - 00102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-12 11:33 - 2017-06-20 08:02 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-12 11:33 - 2017-06-20 08:02 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-12 11:33 - 2017-06-20 08:00 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-12 11:33 - 2017-06-20 08:00 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-12 11:33 - 2017-06-20 08:00 - 00142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-12 11:33 - 2017-06-20 07:59 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-12 11:33 - 2017-06-20 07:59 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-12 11:33 - 2017-06-20 07:59 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-12 11:33 - 2017-06-20 07:59 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-12 11:33 - 2017-06-20 07:59 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-12 11:33 - 2017-06-20 07:58 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-12 11:33 - 2017-06-20 07:58 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-12 11:33 - 2017-06-20 07:58 - 00203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-12 11:33 - 2017-06-20 07:57 - 00204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-12 11:33 - 2017-06-20 07:16 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-12 11:33 - 2017-06-20 07:16 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-12 11:33 - 2017-06-20 07:15 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-12 11:33 - 2017-06-20 07:14 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-12 11:33 - 2017-06-20 07:14 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-12 11:33 - 2017-06-20 07:13 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 11:33 - 2017-06-20 07:13 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-12 11:33 - 2017-06-20 07:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-12 11:33 - 2017-06-20 07:13 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-12 11:33 - 2017-06-20 07:12 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-12 11:33 - 2017-06-20 07:12 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-12 11:33 - 2017-06-20 07:12 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-12 11:33 - 2017-06-20 07:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-12 11:33 - 2017-06-20 07:11 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-12 11:33 - 2017-06-20 07:11 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-12 11:33 - 2017-06-20 07:10 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-12 11:33 - 2017-06-20 07:10 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-12 11:33 - 2017-06-20 07:10 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-12 11:33 - 2017-06-20 07:10 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-12 11:33 - 2017-06-20 07:10 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-12 11:33 - 2017-06-20 07:10 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-12 11:33 - 2017-06-20 07:09 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-12 11:33 - 2017-06-20 07:09 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-12 11:33 - 2017-06-20 07:09 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-12 11:33 - 2017-06-20 07:09 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-12 11:33 - 2017-06-20 07:09 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-12 11:33 - 2017-06-20 07:09 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-12 11:33 - 2017-06-20 07:09 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-12 11:33 - 2017-06-20 07:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-12 11:33 - 2017-06-20 07:09 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-12 11:33 - 2017-06-20 07:09 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-12 11:33 - 2017-06-20 07:09 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-12 11:33 - 2017-06-20 07:09 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-12 11:33 - 2017-06-20 07:08 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-12 11:33 - 2017-06-20 07:08 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-12 11:33 - 2017-06-20 07:08 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-12 11:33 - 2017-06-20 07:08 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-12 11:33 - 2017-06-20 07:08 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-12 11:33 - 2017-06-20 07:08 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-12 11:33 - 2017-06-20 07:08 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-12 11:33 - 2017-06-20 07:08 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-12 11:33 - 2017-06-20 07:07 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-12 11:33 - 2017-06-20 07:07 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-12 11:33 - 2017-06-20 07:07 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-12 11:33 - 2017-06-20 07:07 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-12 11:33 - 2017-06-20 07:07 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-12 11:33 - 2017-06-20 07:07 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-12 11:33 - 2017-06-20 07:07 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-12 11:33 - 2017-06-20 07:07 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-12 11:33 - 2017-06-20 07:06 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-12 11:33 - 2017-06-20 07:06 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-12 11:33 - 2017-06-20 07:06 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-12 11:33 - 2017-06-20 07:06 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-12 11:33 - 2017-06-20 07:06 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-12 11:33 - 2017-06-20 07:06 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-12 11:33 - 2017-06-20 07:06 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-12 11:33 - 2017-06-20 07:06 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-12 11:33 - 2017-06-20 07:06 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-12 11:33 - 2017-06-20 07:05 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-12 11:33 - 2017-06-20 07:05 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-12 11:33 - 2017-06-20 07:05 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-12 11:33 - 2017-06-20 07:05 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-12 11:33 - 2017-06-20 07:05 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-12 11:33 - 2017-06-20 07:05 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-12 11:33 - 2017-06-20 07:05 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-12 11:33 - 2017-06-20 07:05 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-12 11:33 - 2017-06-20 07:05 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-12 11:33 - 2017-06-20 07:05 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-12 11:33 - 2017-06-20 07:05 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-12 11:33 - 2017-06-20 07:04 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-12 11:33 - 2017-06-20 07:04 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-12 11:33 - 2017-06-20 07:04 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-12 11:33 - 2017-06-20 07:04 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-12 11:33 - 2017-06-20 07:04 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-12 11:33 - 2017-06-20 07:04 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-12 11:33 - 2017-06-20 07:04 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-12 11:33 - 2017-06-20 07:03 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-12 11:33 - 2017-06-20 07:03 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-12 11:33 - 2017-06-20 07:02 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-12 11:33 - 2017-06-20 07:02 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-12 11:33 - 2017-06-20 07:02 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-12 11:33 - 2017-06-20 07:02 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-12 11:33 - 2017-06-20 07:02 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-12 11:33 - 2017-06-20 07:01 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-12 11:33 - 2017-06-20 07:01 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-12 11:33 - 2017-06-20 07:01 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-12 11:33 - 2017-06-20 07:01 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-12 11:33 - 2017-06-20 07:01 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-12 11:33 - 2017-06-20 07:01 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-12 11:33 - 2017-06-20 07:01 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-12 11:33 - 2017-06-20 07:01 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-12 11:33 - 2017-06-20 07:00 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-12 11:33 - 2017-06-20 07:00 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-12 11:33 - 2017-06-20 06:59 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-12 11:33 - 2017-06-20 06:59 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-12 11:33 - 2017-06-20 06:59 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-12 11:33 - 2017-06-20 06:58 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-12 11:33 - 2017-06-20 06:57 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-12 11:33 - 2017-06-20 06:57 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-12 11:33 - 2017-06-20 06:56 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-12 11:33 - 2017-06-20 06:56 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-12 11:33 - 2017-06-20 06:56 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-12 11:33 - 2017-06-20 06:54 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-12 11:33 - 2017-06-20 06:45 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-12 11:33 - 2017-06-20 06:43 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-12 11:33 - 2017-06-20 06:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-12 11:33 - 2017-06-20 06:43 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-12 11:33 - 2017-06-20 06:42 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-12 11:33 - 2017-06-20 06:42 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-12 11:33 - 2017-06-20 06:38 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-12 11:33 - 2017-06-20 06:37 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-12 10:33 - 2017-07-12 10:33 - 00029101 _____ C:\Users\[MyUserName]\Downloads\rewards.odt
2017-07-11 12:16 - 2017-07-11 12:16 - 00003398 _____ C:\Users\[MyUserName]\AppData\Local\recently-used.xbel
2017-07-11 12:09 - 2017-07-11 12:16 - 00000000 ____D C:\Users\[MyUserName]\Documents\Dog whisperer
2017-07-11 07:57 - 2017-07-11 07:57 - 00000000 ____D C:\Users\[MyUserName]\AppData\Local\DBG
2017-07-10 19:48 - 2017-06-21 09:07 - 00179320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-07-10 19:48 - 2017-06-21 09:07 - 00146552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-07-06 19:49 - 2017-07-06 19:49 - 00030964 _____ C:\ProgramData\agent.update.1499363355.bdinstall.bin
2017-07-06 11:47 - 2017-07-06 11:47 - 00001192 _____ C:\Users\[MyUserName]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2017-07-06 11:47 - 2017-07-06 11:47 - 00000000 ____D C:\ProgramData\Bitdefender
2017-07-06 11:46 - 2017-07-06 11:46 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-07-06 11:45 - 2017-07-06 11:45 - 00000000 ____D C:\Users\[MyUserName]\AppData\Roaming\QuickScan
2017-07-06 11:44 - 2017-07-29 13:22 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-07-06 11:44 - 2017-07-06 11:44 - 08465984 _____ C:\Users\[MyUserName]\Downloads\bitdefender_online.exe
2017-07-06 11:44 - 2017-07-06 11:44 - 00047141 _____ C:\ProgramData\agent.1499334293.bdinstall.bin
2017-07-06 11:44 - 2017-07-06 11:44 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2017-07-03 14:52 - 2017-07-03 14:52 - 00000000 ____D C:\Users\[MyUserName]\AppData\Local\bower
2017-07-03 14:52 - 2017-07-03 14:52 - 00000000 ____D C:\Users\[MyUserName]\.config
2017-07-03 14:50 - 2017-07-03 14:50 - 00009468 _____ C:\Users\[MyUserName]\.v8flags.5.1.281.95.9037f0b1059c1993ecbf00f76510d6d1.json
2017-07-03 14:48 - 2017-07-29 13:12 - 00000000 ____D C:\Users\[MyUserName]\AppData\Roaming\npm-cache
2017-07-03 14:44 - 2017-07-28 11:54 - 00000000 ____D C:\Code
2017-07-03 14:43 - 2017-07-03 14:43 - 12763136 _____ C:\Users\[MyUserName]\Downloads\node-v6.11.0-x64.msi
2017-07-03 14:43 - 2017-07-03 14:43 - 00000000 _____ C:\Users\[MyUserName]\.node_repl_history
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-29 13:42 - 2015-10-05 20:06 - 00000000 _____ C:\WINDOWS\system32\RzSurroundVADAudioDeviceManager_log.txt
2017-07-29 13:42 - 2014-09-02 23:16 - 00000000 ____D C:\Users\[MyUserName]\AppData\Local\Battle.net
2017-07-29 13:42 - 2014-08-26 21:25 - 00000000 ____D C:\Users\[MyUserName]\AppData\Roaming\Skype
2017-07-29 13:37 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-29 13:37 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-29 13:37 - 2014-08-26 20:46 - 00000000 ____D C:\Users\[MyUserName]\AppData\Local\Packages
2017-07-29 13:26 - 2014-08-26 20:46 - 00000000 ____D C:\Users\[MyUserName]\AppData\Local\VirtualStore
2017-07-29 13:09 - 2017-04-22 20:05 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-29 12:25 - 2017-04-22 20:05 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-28 21:18 - 2017-04-22 20:06 - 00000000 ____D C:\Users\[MyUserName]
2017-07-28 21:18 - 2014-08-26 21:11 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-28 15:27 - 2017-04-22 20:14 - 02583198 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-28 15:27 - 2017-03-20 06:03 - 01158220 _____ C:\WINDOWS\system32\perfh01D.dat
2017-07-28 15:27 - 2017-03-20 06:03 - 00277664 _____ C:\WINDOWS\system32\perfc01D.dat
2017-07-28 15:22 - 2016-05-14 15:44 - 00000000 ____D C:\Program Files (x86)\GalaxyClient
2017-07-28 15:21 - 2017-04-22 20:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-28 15:21 - 2017-03-18 13:40 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-07-28 15:21 - 2014-09-02 23:16 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-07-28 14:58 - 2016-04-22 19:09 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-28 14:40 - 2017-04-02 19:39 - 00000000 ____D C:\Users\[MyUserName]\AppData\Roaming\npm
2017-07-28 13:00 - 2014-08-29 00:23 - 00000000 ____D C:\Users\[MyUserName]\AppData\Local\Spotify
2017-07-28 13:00 - 2014-08-26 21:24 - 00000000 ____D C:\Users\[MyUserName]\AppData\Roaming\Spotify
2017-07-28 00:37 - 2015-11-21 14:03 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-07-24 14:53 - 2014-10-20 11:36 - 00000000 ____D C:\Users\[MyUserName]\AppData\Local\TGitCache
2017-07-22 15:41 - 2014-09-15 20:35 - 00000000 ____D C:\Users\[MyUserName]\AppData\Roaming\vlc
2017-07-20 20:11 - 2014-08-26 22:07 - 00000000 ____D C:\Users\[MyUserName]\.gimp-2.8
2017-07-16 20:22 - 2017-04-01 16:09 - 00000000 ____D C:\Users\[MyUserName]\Documents\Spacelock
2017-07-15 20:17 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-07-15 19:24 - 2014-08-26 21:12 - 00000000 ____D C:\ProgramData\CrashPlan
2017-07-15 19:24 - 2014-08-26 21:12 - 00000000 ____D C:\Program Files\CrashPlan
2017-07-15 19:18 - 2017-03-18 13:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-07-15 19:14 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-15 19:13 - 2017-04-22 20:05 - 00275384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-15 19:13 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-15 19:13 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-07-15 19:13 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-15 19:13 - 2017-03-18 23:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-07-15 19:13 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-07-15 19:13 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-07-15 19:13 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-15 19:13 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-07-15 19:13 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-15 19:13 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-15 19:13 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-15 19:13 - 2016-04-27 07:34 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-07-15 19:09 - 2014-08-26 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-07-15 19:07 - 2017-04-22 20:05 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-07-14 18:02 - 2016-05-27 10:15 - 00000000 ____D C:\Users\[MyUserName]\AppData\Local\CrashDumps
2017-07-12 11:36 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-12 11:35 - 2014-08-29 05:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-12 11:34 - 2014-08-29 05:37 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-11 12:16 - 2014-10-20 15:35 - 00000000 ____D C:\Users\[MyUserName]\AppData\Local\gtk-2.0
2017-07-10 19:48 - 2017-05-22 20:28 - 00004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-10 19:48 - 2017-04-22 20:09 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-10 19:48 - 2017-04-22 20:09 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-10 19:48 - 2017-04-22 20:09 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-10 19:48 - 2017-04-22 20:09 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-10 19:48 - 2017-04-22 20:09 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-10 19:48 - 2017-04-22 20:09 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-10 19:48 - 2017-04-22 20:09 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-10 19:48 - 2017-04-22 20:05 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-07-10 19:48 - 2017-04-22 20:05 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-07-10 19:48 - 2017-02-14 20:05 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-07-05 11:12 - 2017-03-20 20:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-07-05 11:12 - 2014-08-26 21:23 - 00000000 ____D C:\ProgramData\Skype
2017-07-03 15:50 - 2017-04-01 22:24 - 00000000 ____D C:\Users\[MyUserName]\AppData\Local\Sublime Text 3
2017-07-02 14:26 - 2014-08-26 20:58 - 00002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-30 16:47 - 2017-03-18 23:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-30 16:47 - 2017-03-18 23:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2014-09-15 20:34 - 2014-09-15 20:34 - 0000027 _____ () C:\Program Files\plugins.dat
2016-04-28 14:59 - 2016-04-28 14:59 - 1065984 _____ () C:\Users\[MyUserName]\AppData\Local\file__0.localstorage
2014-08-31 22:22 - 2014-10-20 17:38 - 0000600 _____ () C:\Users\[MyUserName]\AppData\Local\PUTTY.RND
2017-07-11 12:16 - 2017-07-11 12:16 - 0003398 _____ () C:\Users\[MyUserName]\AppData\Local\recently-used.xbel
2017-07-06 11:44 - 2017-07-06 11:44 - 0047141 _____ () C:\ProgramData\agent.1499334293.bdinstall.bin
2017-07-06 19:49 - 2017-07-06 19:49 - 0030964 _____ () C:\ProgramData\agent.update.1499363355.bdinstall.bin
2017-04-22 20:05 - 2017-04-22 20:05 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-02-06 19:32 - 2016-02-06 19:32 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
2017-05-31 21:52 - 2017-05-01 22:14 - 0754680 _____ (NVIDIA Corporation) C:\Users\[MyUserName]\AppData\Local\Temp\nvSCPAPI.dll
2017-05-31 21:52 - 2017-05-01 22:14 - 0869200 _____ (NVIDIA Corporation) C:\Users\[MyUserName]\AppData\Local\Temp\nvSCPAPI64.dll
2017-07-15 19:07 - 2017-05-01 22:14 - 0367552 _____ (NVIDIA Corporation) C:\Users\[MyUserName]\AppData\Local\Temp\nvStInst.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-24 22:07
 
==================== End of FRST.txt ============================


Edited by Morre, 30 July 2017 - 12:53 PM.


#4 nasdaq


  • Malware Response Team

Posted 31 July 2017 - 06:45 AM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Trend Micro Inc.) C:\Users\[MyUserName]\Downloads\HijackThis.exe
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-15]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>  -> No File
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} =>  -> No File
Task: {06384BA3-168A-4C50-9448-F8C0010178A5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {09E311BC-B03F-48E1-B310-6D89A6E46721} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {37D1D450-5EA9-4C79-BA6B-7C3F26CC9C79} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {38DEAA7E-4309-4FF8-A257-C13230422AE5} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {440C4E8A-4AF5-4B5D-AF50-DC8A8B984812} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {47CC12B2-42F0-436A-8638-5789ACC5EF83} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {5EBE8FB5-13A8-445D-91DA-6C332FC302C5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {79413E02-03F4-42C1-89E0-B582BC1433AF} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {79755B05-5CA3-4EAC-95DB-987B63EB1EC7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8937CC8C-74CB-463F-A702-D608F0EA17A0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {AC9BD2AF-8EDE-46F4-B9B5-19C0169BAF6D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D58798DC-1AFB-42E2-AD8A-A379820463E4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DABC384F-B279-4C19-8F01-88CF4A7F2F88} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E3224C5C-BD3B-46D5-9E86-092849874F68} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E8DE8E42-8005-4A54-B8EF-E2CCEE9C7FDE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E9707800-9A62-428F-89D1-20D25F38BDCE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon or the three vertical dots located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates, remove these old version(s) via the Control Panel > Programs > Programs and Features.
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java SE Development Kit 7 Update 67 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170670}) (Version: 1.7.0.670 - Oracle)

Please let me know what problem persists with this computer.
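
The following is an added example, not part of nasdaq's post and not FRST's own code: a Python script that parses a fixlist of the kind shown above so it can be reviewed before it is run, separating entries that are dangling registrations ("No File") from entries that name a path on disk. The line formats are inferred only from the lines quoted in this thread, and the names `parse_fixlist`, `review` and `PATTERNS` are hypothetical.

```python
"""Review a FRST fixlist before running it (added example; formats inferred from this thread)."""
import re
from collections import defaultdict

# Sample input: a subset of the fixlist lines quoted in the post above.
SAMPLE_FIXLIST = r"""Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Trend Micro Inc.) C:\Users\[MyUserName]\Downloads\HijackThis.exe
CHR Extension: (Chrome Media Router) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-15]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {06384BA3-168A-4C50-9448-F8C0010178A5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {47CC12B2-42F0-436A-8638-5789ACC5EF83} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION

End
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# Assumed line shapes, one regex per entry kind seen in the thread.
PATTERNS = [
    ("directive", re.compile(r"^(?P<name>[A-Za-z]+):$")),
    ("task", re.compile(
        rf"^Task: (?P<id>{GUID}) - (?P<target>.+?) -> (?P<state>.+?)(?: <==== ATTENTION)?$")),
    ("context_menu", re.compile(
        rf"^ContextMenuHandlers\d+: \[(?P<name>[^\]]+)\] -> (?P<id>{GUID}) =>\s*-> (?P<state>.+)$")),
    # Chrome extension IDs are 32 characters drawn from the letters a-p.
    ("chrome_extension", re.compile(
        r"^CHR Extension: \((?P<name>.+?)\) - (?P<target>.+?)\\(?P<id>[a-p]{32})"
        r" \[(?P<date>\d{4}-\d{2}-\d{2})\]$")),
    ("process", re.compile(r"^\((?P<name>[^)]*)\) (?P<target>[A-Za-z]:\\.+)$")),
]


def parse_fixlist(text):
    """Return (entries, unparsed) for the lines between the Start and End markers."""
    entries, unparsed, inside = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Start":
            inside = True
            continue
        if line == "End":
            break
        if not inside or not line:
            continue
        for kind, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                entries.append({"kind": kind, **match.groupdict()})
                break
        else:
            # Anything unrecognised is surfaced rather than silently dropped.
            unparsed.append(line)
    return entries, unparsed


def review(text):
    """Summarise a fixlist: counts per kind, dangling entries, and entries naming a path."""
    entries, unparsed = parse_fixlist(text)
    by_kind = defaultdict(list)
    for entry in entries:
        by_kind[entry["kind"]].append(entry)
    return {
        "counts": {kind: len(items) for kind, items in by_kind.items()},
        # Registrations whose target the log reports as missing.
        "orphaned": [e for e in entries if e.get("state") == "No File"],
        # Entries that point at a file or folder on disk; worth reading before the fix runs.
        "names_path": [e for e in entries if e["kind"] in ("process", "chrome_extension")],
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = review(SAMPLE_FIXLIST)
    print("Entries per kind:", report["counts"])
    print("Dangling registrations (No File):")
    for e in report["orphaned"]:
        print("  ", e["kind"], e.get("target") or e.get("name"), e["id"])
    print("Entries naming a path on disk:")
    for e in report["names_path"]:
        print("  ", e["kind"], e["name"], "->", e["target"])
    if report["unparsed"]:
        print("Unrecognised lines:", report["unparsed"])
```
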

#5 Morre

  • Topic Starter


Posted 31 July 2017 - 02:33 PM

Hi again,

 

Thank you for this. The log file from the fix list is below. I noticed the first two chrome extensions had the text "no automatic fix found for this entry". I took the liberty of temporarily moving these two folders out of the extensions folder and into a separate folder on the desktop in case these are automatically detected malicious extensions for Chrome (I hope that's ok!). If that's what they are, and with your permission, I would like to proceed by deleting these folders entirely.

 

Slightly unrelated: I'm curious to know if there's any particular antimalware or antivirus program that you could recommend. I've tried using BitDefender, which I found to be good. Unfortunately it interferes with nVidia's Shadowplay feature, and I decided to stop using BitDefender because of this.

 

Thanks so much for helping!

 

---

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by [MyUserName] (31-07-2017 21:14:06) Run:1
Running from C:\Users\[MyUserName]\Downloads
Loaded Profiles: [MyUserName] & BvSsh_VirtualUsers (Available Profiles: [MyUserName] & BvSsh_VirtualUsers)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(Trend Micro Inc.) C:\Users\[MyUserName]\Downloads\HijackThis.exe
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-15]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} =>  -> No File
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} =>  -> No File
Task: {06384BA3-168A-4C50-9448-F8C0010178A5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {09E311BC-B03F-48E1-B310-6D89A6E46721} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {37D1D450-5EA9-4C79-BA6B-7C3F26CC9C79} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {38DEAA7E-4309-4FF8-A257-C13230422AE5} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {440C4E8A-4AF5-4B5D-AF50-DC8A8B984812} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {47CC12B2-42F0-436A-8638-5789ACC5EF83} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {5EBE8FB5-13A8-445D-91DA-6C332FC302C5} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {79413E02-03F4-42C1-89E0-B582BC1433AF} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {79755B05-5CA3-4EAC-95DB-987B63EB1EC7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8937CC8C-74CB-463F-A702-D608F0EA17A0} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {AC9BD2AF-8EDE-46F4-B9B5-19C0169BAF6D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D58798DC-1AFB-42E2-AD8A-A379820463E4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DABC384F-B279-4C19-8F01-88CF4A7F2F88} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E3224C5C-BD3B-46D5-9E86-092849874F68} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E8DE8E42-8005-4A54-B8EF-E2CCEE9C7FDE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E9707800-9A62-428F-89D1-20D25F38BDCE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\[MyUserName]\Downloads\HijackThis.exe => No running process found
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-15] => Error: No automatic fix found for this entry.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found. 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxDTCM => key removed successfully
HKLM\Software\Classes\CLSID\{9B5F5829-A529-4B12-814A-E81BCB8D93FC} => key not found. 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxOSP => key removed successfully
HKLM\Software\Classes\CLSID\{FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{06384BA3-168A-4C50-9448-F8C0010178A5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06384BA3-168A-4C50-9448-F8C0010178A5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09E311BC-B03F-48E1-B310-6D89A6E46721} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09E311BC-B03F-48E1-B310-6D89A6E46721} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37D1D450-5EA9-4C79-BA6B-7C3F26CC9C79} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37D1D450-5EA9-4C79-BA6B-7C3F26CC9C79} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{38DEAA7E-4309-4FF8-A257-C13230422AE5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38DEAA7E-4309-4FF8-A257-C13230422AE5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{440C4E8A-4AF5-4B5D-AF50-DC8A8B984812} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{440C4E8A-4AF5-4B5D-AF50-DC8A8B984812} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{47CC12B2-42F0-436A-8638-5789ACC5EF83} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47CC12B2-42F0-436A-8638-5789ACC5EF83} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOONotify => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EBE8FB5-13A8-445D-91DA-6C332FC302C5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EBE8FB5-13A8-445D-91DA-6C332FC302C5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79413E02-03F4-42C1-89E0-B582BC1433AF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79413E02-03F4-42C1-89E0-B582BC1433AF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79755B05-5CA3-4EAC-95DB-987B63EB1EC7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79755B05-5CA3-4EAC-95DB-987B63EB1EC7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8937CC8C-74CB-463F-A702-D608F0EA17A0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8937CC8C-74CB-463F-A702-D608F0EA17A0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC9BD2AF-8EDE-46F4-B9B5-19C0169BAF6D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC9BD2AF-8EDE-46F4-B9B5-19C0169BAF6D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D58798DC-1AFB-42E2-AD8A-A379820463E4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D58798DC-1AFB-42E2-AD8A-A379820463E4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DABC384F-B279-4C19-8F01-88CF4A7F2F88} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DABC384F-B279-4C19-8F01-88CF4A7F2F88} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E3224C5C-BD3B-46D5-9E86-092849874F68} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3224C5C-BD3B-46D5-9E86-092849874F68} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8DE8E42-8005-4A54-B8EF-E2CCEE9C7FDE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8DE8E42-8005-4A54-B8EF-E2CCEE9C7FDE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9707800-9A62-428F-89D1-20D25F38BDCE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9707800-9A62-428F-89D1-20D25F38BDCE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8675328 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 71768731 B
Java, Flash, Steam htmlcache => 607381157 B
Windows/system/drivers => 20388955 B
Edge => 1798556 B
Chrome => 516726342 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 419559 B
systemprofile32 => 1344296 B
LocalService => 6478 B
NetworkService => 809472 B
[MyUserName] => 3060925411 B
BvSsh_VirtualUsers => 0 B
 
RecycleBin => 250488793 B
EmptyTemp: => 4.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:16:06 ====


#6 nasdaq

  • Malware Response Team

Posted 01 August 2017 - 07:17 AM


You do not need these extensions.
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\[MyUserName]\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-15] => Error: No automatic fix found for this entry.


They may have been protected if you use Chrome Syncing.
If that is the case they will probably be reinstalled.

Fix problems with Chrome sync
https://support.google.com/chrome/answer/3097271?hl=en
====

Could you not have added the program to Bitdefender Whitelist?
https://www.bitdefender.com/support/what-to-do-when-bitdefender-2015-blocks-a-safe-website-or-online-application-1294.html

You will find some recommendations on these pages.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#7 Morre

  • Topic Starter


Posted 01 August 2017 - 01:16 PM

Hi again,

 

I do not believe Bitdefender's whitelist would have helped - it's not its online features that aren't working, but rather, some issue arises where Bitdefender is in conflict with the program's ability to record screen footage. I've done some googling and it seems to be a known issue / bug. Recommendations for other equivalent software would be much appreciated, although of course not necessary.

 

Thanks again for your help nasdaq!


Edited by Morre, 01 August 2017 - 01:16 PM.


#8 nasdaq

  • Malware Response Team

Posted 02 August 2017 - 06:39 AM


I would remove Bitdefender with their uninstaller tool.

https://www.bleepingcomputer.com/download/bitdefender-uninstall-tool/

After a restart of the computer I would install one of the security programs listed in the links I previously gave you.



